What is code review in the context of quality assurance?
Answer
Code review is the practice of having peers examine source code changes before they are merged — a human quality gate that complements automated testing.

What code reviews catch that automated tests miss:
(1) Logic errors: "this algorithm is wrong for edge case X."
(2) Design issues: poor abstraction, wrong responsibility.
(3) Security vulnerabilities: SQL injection risk, exposed secrets.
(4) Readability: naming, comments, clarity.
(5) Missing tests: "where are the tests for this behavior?"
(6) Non-obvious bugs: off-by-one errors, race conditions.
(7) Domain knowledge: "this violates our business rule about X."

Best practices:
(1) Review the PR diff against requirements, not just the code in isolation.
(2) Prefer small PRs (easier to review).
(3) Author should explain non-obvious decisions.
(4) Use a checklist for consistent reviews.
(5) Keep reviews constructive, not personal.
(6) Automated linting/SAST reduces review burden on style/syntax.
(7) Require at least one approval before merge.

Tools: GitHub Pull Requests, GitLab MR, Crucible, Gerrit.